Friday, December 17, 2010

Continuing from the previous post, OTP tokens are generally time-based or event-based. For time-based tokens, the pseudo-random number changes at a pre-determined interval, usually 30-60 seconds. For event-based tokens, a mathematical algorithm generates a new pseudo-random number each time a user event occurs, such as the user pressing the button on the token. A further explanation of what an OTP is can be found here - http://en.wikipedia.org/wiki/One-time_password .
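The difference between the two token types, as an added example that is not part of the original post: it assumes the open HOTP (RFC 4226) and TOTP (RFC 6238) algorithms as stand-ins, since commercial tokens may use proprietary algorithms, and the function names, look-ahead and drift values are illustrative choices.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Event-based OTP (RFC 4226): the moving factor is a press counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def totp(secret: bytes, now: float, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP (RFC 6238): the counter is the current time window."""
    return hotp(secret, int(now) // step, digits)

def verify_hotp(secret, submitted, server_counter, look_ahead=3):
    """Return the next server counter on success, or None on failure.
    look_ahead tolerates button presses the server never saw."""
    for c in range(server_counter, server_counter + look_ahead + 1):
        if hmac.compare_digest(hotp(secret, c), submitted):
            return c + 1  # move past the used code so it cannot be replayed
    return None

def verify_totp(secret, submitted, now, step=30, drift=1):
    """Accept the current window plus/minus `drift` windows of clock skew."""
    for d in range(-drift, drift + 1):
        t = now + d * step
        if t >= 0 and hmac.compare_digest(totp(secret, t, step), submitted):
            return True
    return False

if __name__ == "__main__":
    seed = b"12345678901234567890"  # RFC test secret, not a real token seed
    print("event-based, presses 0-2:", [hotp(seed, c) for c in range(3)])
    print("time-based, t=59s:", totp(seed, 59))
    print("server at counter 0, user at press 2:",
          verify_hotp(seed, hotp(seed, 2), 0))
    print("token clock 30s behind:", verify_totp(seed, totp(seed, 59), 89))
```

`verify_totp` accepts the same code for as long as its window is within the drift allowance, so a server should also record the last accepted window and reject any reuse.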

There are now several companies providing such security tokens for use in two-factor authentication (TFA). A good explanation of the various types of security tokens can be found here - http://en.wikipedia.org/wiki/Security_token .

In Singapore, and even worldwide, it is already a practice for most internet banking services to use such tokens to improve security. (For the curious or security people, you are able to find out which particular token you are using from the list shown earlier.) Although using security tokens with TFA adds a layer of protection, it is still not totally foolproof.

With Wikileaks, cyber attacks in Singapore and other recent events, Singaporeans should not be complacent about security. One such event is the DBS false login page that was in the news; luckily, the user was knowledgeable enough not to proceed. Here is one such notice on phishing by the bank - http://www.dbs.com/sg/personal/ibanking/additionalinfo/security/phishing/default.aspx . The banks have done their part in informing the general public and taking other preventive measures. Normal users still need to be informed of such risks and how to identify them.

Disclaimer

The knowledge and tools recommended are for educational purposes. Implementing the knowledge or tools may violate the laws in certain countries. I shall not be liable for any wrongdoing or violation of laws by anyone who uses the knowledge or tools that are recommended on this website.